Theironrock95

Reputation: 133

Dynamic deployment of Private endpoint

I am trying to develop a module that deploys the private endpoint if the variable DeployPrivateEndpoint == true and does not deploy it if the variable is false.

I currently have the following code:

resource "azurerm_container_registry" "ACR" {
  count                    = length(var.ACR_Name)
  name                     = var.ACR_Name[count.index]
  resource_group_name      = var.resourcegroup_name
  location                 = var.location
  sku                      = var.ACR_Sku
  admin_enabled            = var.ACR_AdminEnabled
  georeplication_locations = var.ACR_GeoRepLocation
}

resource "azurerm_private_dns_zone" "PDZ" {
  count                     = var.DeployPrivateEndpoint == true ? 1 : 0
  name                      = "privatelink.azurecr.io"
  resource_group_name       = var.resourcegroup_name
}

resource "azurerm_private_endpoint" "PEP" {
  count                     = var.DeployPrivateEndpoint == true ? length(var.PEP_Name) : 0
  name                      = var.PEP_Name[count.index]
  location                  = var.location
  resource_group_name       = var.resourcegroup_name
  subnet_id                 = element(concat(var.subnet_id[*], [""]), count.index)

  private_dns_zone_group {
    name                            = "private-dns-zone-group"
    private_dns_zone_ids            =  element(concat(azurerm_private_dns_zone.PDZ.*.id, [""]), count.index)
  }

  private_service_connection {
    name                            = var.PEP_Name[count.index]
    private_connection_resource_id  = element(concat(azurerm_container_registry.ACR.*.id, [""]), count.index)
    subresource_names               = [ "registry" ]
    is_manual_connection            = false
  }

}

The code only crashes on the part at private_dns_zone_group at this point if the value of the variable is false. Terraform expects that a private_dns_zone_ids will be given, but it is not created because the variable is set to false. I get the following error:

Error: Invalid index

  on .terraform\modules\containerRegistry\outputs.tf line 10, in output "ACR_PDZID":
  10: value = azurerm_private_dns_zone.PDZ.0.id
    |----------------
    | azurerm_private_dns_zone.PDZ is empty tuple

Any help is appreciated!

Edit:

The module is called through a main that looks like this:

terraform {
  required_version = ">= 0.13"

  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "2.47.0"
    }
  }

}

provider "azurerm" {
  subscription_id = "****"
  client_id = "****"
  client_secret = "*****"
  tenant_id = "*****"

  features {}
}

module "ResourceGroups" {
  source                        = "git::https://***@dev.azure.com/***/AzureTerraformModules/_git/ResourceGroup"
  location                      = var.location
  RG_Name                       = var.RG_Name
}

module "VirtualNetwork" {
  source                        = "git::https://***@dev.azure.com/***/AzureTerraformModules/_git/VirtualNetwork"
  resourcegroup_name            = module.ResourceGroups.RG_Name[0]
  location                      = var.location  
  VNET_Name                     = var.vnet_name
  VNET_Cidr                     = var.vnet_cidr
}

module "Subnet" {
  source                        = "git::https://***@dev.azure.com/***/AzureTerraformModules/_git/Subnet"
  resourcegroup_name            = module.ResourceGroups.RG_Name[0]
  location                      = var.location  
  VNET_name                     = module.VirtualNetwork.VNET_Name[0]
  SNET_cidr                     = var.subnet_cidr
  SNET_name                     = var.subnet_names
}

module "containerRegistry" {
  source                        = "git::https://***@dev.azure.com/***/AzureTerraformModules/_git/ContainerRegistry"
  resourcegroup_name            = module.ResourceGroups.RG_Name[0]
  location                      = var.location  
  subnet_id                     = module.Subnet.SNET_ID
  PEP_Name                      = ["****", "*****"]
  ACR_Name                      = ["****", "*****" ]
  ACR_Sku                       = "Premium"
  DeployPrivateEndpoint         = false
}

The output.tf file from the module looks like this:

output "ACR_ID" {
  value = azurerm_container_registry.ACR.*.id
}

output "ACR_LoginServer" {
  value = azurerm_container_registry.ACR.*.login_server
}

output "ACR_PDZID" {
   value       = azurerm_private_dns_zone.PDZ.0.id
}

output "ACR_PEPID" {
   value       = azurerm_private_endpoint.PEP.*.id
}

Upvotes: 0

Views: 876

Answers (1)

Andriy Bilous

Reputation: 2522

You should tune your ACR_PDZID output a bit: change 0 to *.

output "ACR_PDZID" should look like this:

output "ACR_PDZID" {
   value       = azurerm_private_dns_zone.PDZ.*.id
}

Upvotes: 2
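The conditional pattern from this question, carried through the whole module fragment, as an added example that is not part of the original posts. It reuses the question's variables and the azurerm_container_registry.ACR resource, and assumes var.subnet_id and var.ACR_Name each have at least as many entries as var.PEP_Name; the try() output is an alternative to the splat for callers that want a single ID or null.

```hcl
# Added example: zone and endpoints gated on the same flag, with outputs
# that stay valid when nothing is deployed.

resource "azurerm_private_dns_zone" "PDZ" {
  count               = var.DeployPrivateEndpoint ? 1 : 0
  name                = "privatelink.azurecr.io"
  resource_group_name = var.resourcegroup_name
}

resource "azurerm_private_endpoint" "PEP" {
  count               = var.DeployPrivateEndpoint ? length(var.PEP_Name) : 0
  name                = var.PEP_Name[count.index]
  location            = var.location
  resource_group_name = var.resourcegroup_name
  # Assumption: one subnet ID per endpoint name.
  subnet_id           = var.subnet_id[count.index]

  private_dns_zone_group {
    name = "private-dns-zone-group"
    # private_dns_zone_ids takes a list. The splat returns [zone id] when the
    # zone exists. This block is only evaluated when count > 0, which is the
    # same condition under which the zone is created.
    private_dns_zone_ids = azurerm_private_dns_zone.PDZ[*].id
  }

  private_service_connection {
    name                           = var.PEP_Name[count.index]
    # Assumption: one registry per endpoint name, in the same order.
    private_connection_resource_id = azurerm_container_registry.ACR[count.index].id
    subresource_names              = ["registry"]
    is_manual_connection           = false
  }
}

# Single zone ID, or null when DeployPrivateEndpoint is false.
# try() catches the "Invalid index" error raised by indexing an empty tuple.
output "ACR_PDZID" {
  value = try(azurerm_private_dns_zone.PDZ[0].id, null)
}

# Empty list when no endpoints are deployed.
output "ACR_PEPID" {
  value = azurerm_private_endpoint.PEP[*].id
}
```

With the flag set to false, a null ACR_PDZID and an empty ACR_PEPID tell the calling configuration that no private endpoint exists for the registries, so the only path to them is the public endpoint.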
